what account should SQL service agent run under? | SQL Server Performance Forums

SQL Server Performance Forum – Threads Archive

what account should SQL service agent run under?

I read in an article that it is good practice to use a low-privilege user account to run SQL server service rather than LocalSystem or Administrator.
Is this true, and if so, how do I set up a user account and how do I assign the proper rights to it so that it will run the SQL service service agents?
the best is to create a domain-level account and included this account in the domain admins, this account is also used in sql server mailing system.
Hi ya, use enterprise manager to set the account, this will ensure that permissions are set correctly. Do not add this account to the local admin or domain admin groups, as these are way too powerful and can cause your system/domain to be compromised. Best to not add the account to any groups (other than the default domain users) For specific tasks you may need to grant the account the appropriate file permissions, which will depend on the types of jobs you’re trying to run Cheers
Twan
What is sql server needs to do some domain level operations?
What if I have a clustered active/passive server environment, won’t I need to assign it administrative rights?
Most of the times, a local administrator account would be more than enough for SQL Server service.
If any of the job involved do perform a domain level operation then the SQL service account must be a part of that domain group, otherwise the job will be failed. Linkhttp://vyaskn.tripod.com/sql_server_security_best_practices.htm for security best practices. In case of cluster, service account must also have administrator permissions on all nodes.
The service account for the Cluster service must have the right to log in to SQL Server. If you accept the default, the account [NT AuthoritySystem] must have login rights to SQL Server so that the SQL Server resource DLL can run the IsAlive query against SQL Server. Normally, while setup of SQL in the Service Accounts dialog box, select either Use the same account for each service or Customize the settings for each service Satya SKJ
Moderator
http://www.SQL-Server-Performance.Com/forum
This posting is provided “AS IS” with no rights for the sake of knowledge sharing.
]]>